From: Matthew Rosato <mjrosato@linux.ibm.com>
To: iommu@lists.linux.dev
Cc: linux-s390@vger.kernel.org, schnelle@linux.ibm.com,
pmorel@linux.ibm.com, borntraeger@linux.ibm.com,
hca@linux.ibm.com, gor@linux.ibm.com,
gerald.schaefer@linux.ibm.com, agordeev@linux.ibm.com,
svens@linux.ibm.com, joro@8bytes.org, will@kernel.org,
robin.murphy@arm.com, jgg@nvidia.com,
linux-kernel@vger.kernel.org
Subject: [PATCH v4 2/2] iommu/s390: fix leak of s390_domain_device
Date: Wed, 31 Aug 2022 16:12:36 -0400 [thread overview]
Message-ID: <20220831201236.77595-3-mjrosato@linux.ibm.com> (raw)
In-Reply-To: <20220831201236.77595-1-mjrosato@linux.ibm.com>
Since allowing multiple domains to be attached via fa7e9ecc5e1c, it's now
possible that a kfree of s390_domain_device is missed, either because a
corresponding detach_dev was never called or because a repeat attach_dev
was called for the same device and domain pair (resulting in unnecessary
duplicates). Check for duplicates during attach_dev and ensure the list
of s390_domain_device structures is cleared up when the domain is freed.
Fixes: fa7e9ecc5e1c ("iommu/s390: Tolerate repeat attach_dev calls")
Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
---
drivers/iommu/s390-iommu.c | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/drivers/iommu/s390-iommu.c b/drivers/iommu/s390-iommu.c
index 1137d669e849..db4dfbcf161b 100644
--- a/drivers/iommu/s390-iommu.c
+++ b/drivers/iommu/s390-iommu.c
@@ -78,7 +78,17 @@ static struct iommu_domain *s390_domain_alloc(unsigned domain_type)
static void s390_domain_free(struct iommu_domain *domain)
{
struct s390_domain *s390_domain = to_s390_domain(domain);
+ struct s390_domain_device *domain_device, *tmp;
+ unsigned long flags;
+ /* Ensure all device entries are cleaned up */
+ spin_lock_irqsave(&s390_domain->list_lock, flags);
+ list_for_each_entry_safe(domain_device, tmp, &s390_domain->devices,
+ list) {
+ list_del(&domain_device->list);
+ kfree(domain_device);
+ }
+ spin_unlock_irqrestore(&s390_domain->list_lock, flags);
dma_cleanup_tables(s390_domain->dma_table);
kfree(s390_domain);
}
@@ -88,7 +98,7 @@ static int s390_iommu_attach_device(struct iommu_domain *domain,
{
struct s390_domain *s390_domain = to_s390_domain(domain);
struct zpci_dev *zdev = to_zpci_dev(dev);
- struct s390_domain_device *domain_device;
+ struct s390_domain_device *domain_device, *ddev;
unsigned long flags;
int cc, rc;
@@ -140,7 +150,16 @@ static int s390_iommu_attach_device(struct iommu_domain *domain,
goto out_restore;
}
domain_device->zdev = zdev;
- list_add(&domain_device->list, &s390_domain->devices);
+ /* If already attached don't add another instance */
+ list_for_each_entry(ddev, &s390_domain->devices, list) {
+ if (ddev->zdev == zdev) {
+ kfree(domain_device);
+ domain_device = NULL;
+ break;
+ }
+ }
+ if (domain_device)
+ list_add(&domain_device->list, &s390_domain->devices);
spin_unlock_irqrestore(&s390_domain->list_lock, flags);
zdev->s390_domain = s390_domain;
mutex_unlock(&zdev->dma_domain_lock);
--
2.37.2
prev parent reply other threads:[~2022-08-31 20:13 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-31 20:12 [PATCH v4 0/2] iommu/s390: fixes related to repeat attach_dev calls Matthew Rosato
2022-08-31 20:12 ` [PATCH v4 1/2] iommu/s390: Fix race with release_device ops Matthew Rosato
2022-09-01 7:56 ` Pierre Morel
2022-09-01 9:37 ` Niklas Schnelle
2022-09-01 11:01 ` Robin Murphy
2022-09-01 13:42 ` Niklas Schnelle
2022-09-01 14:17 ` Niklas Schnelle
2022-09-01 14:29 ` Robin Murphy
2022-09-01 14:34 ` Jason Gunthorpe
2022-09-01 15:03 ` Robin Murphy
2022-09-01 15:49 ` Jason Gunthorpe
2022-09-01 17:00 ` Robin Murphy
2022-09-01 20:28 ` Matthew Rosato
2022-09-02 7:49 ` Niklas Schnelle
2022-09-01 10:25 ` Robin Murphy
2022-09-01 16:14 ` Matthew Rosato
2022-09-01 20:37 ` Jason Gunthorpe
2022-09-02 17:11 ` Matthew Rosato
2022-09-02 17:21 ` Jason Gunthorpe
2022-09-02 18:20 ` Matthew Rosato
2022-09-05 9:46 ` Robin Murphy
2022-09-06 13:36 ` Jason Gunthorpe
2022-09-02 10:48 ` Robin Murphy
2022-08-31 20:12 ` Matthew Rosato [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220831201236.77595-3-mjrosato@linux.ibm.com \
--to=mjrosato@linux.ibm.com \
--cc=agordeev@linux.ibm.com \
--cc=borntraeger@linux.ibm.com \
--cc=gerald.schaefer@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=iommu@lists.linux.dev \
--cc=jgg@nvidia.com \
--cc=joro@8bytes.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=pmorel@linux.ibm.com \
--cc=robin.murphy@arm.com \
--cc=schnelle@linux.ibm.com \
--cc=svens@linux.ibm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.